Increasingly, organizations establish trust relationships to allow each others' customers to access resources belonging to each organization, independent of which organization owns the resource. In these circumstances, a user associated with a home entity will be allowed to access the resources of a visited entity when the user is roaming. For example, a first bank may allow customers of a second bank to access ATMs belonging to the first bank. In another example, debit cards from a bank may be used at point of sale terminals of department stores, restaurants, gas stations etc. In yet another example, customers of a first internet provider may allow customers of a second internet provider to gain access to their network via access equipment owned by the first internet provider, for example wireless access points or access terminals, in cafes, airports, etc. In yet another example, groups of employees of a second organization who are working within a first organization may be authorized for access to certain resources within the first organization including network access and physical access (e.g. doors, buildings etc.).
These and other situations share some common characteristics. First, there are a limited number of organizations which allow each others' customers access to resources owned by each organization. Second, there is a pre-established trust relationship between the limited number of organizations, with each organization acting as a trusted entity to the other organizations within that trust relationship. Third, there is a pre-established trust relationship between each organization and its members.
Currently, the trust relationship between a limited number of trusted entities is reflected by a first trusted entity (the visited entity) that operates a resource, allowing a trusted user from a second trusted entity (the user's home entity) access to the resource, when the user is roaming from his or her home entity. Further, the first trusted entity allows the resource to communicate with the second trusted entity to verify credentials of the trusted user. A result of this verification is transmitted back to the resource of the first trusted entity, which then allows the user access, for example to make transactions. In this instance, and in particular if the transaction is a financial transaction, further communications may need to occur between the resources of the first trusted entity and the second trusted entity to complete the transaction. In addition, this trust relationship may be reflected in the billing relationship between the two entities: for example, the first trusted entity trusts the second trusted entity to accurately bill for the trusted user's access to the resource, and the first trusted entity trusts the second trusted entity to transmit the first trusted entity's share of this payment.
The initial access process generally has two parts. First, it must be determined which trusted identity the user is associated with, so that credentials and data can be transmitted to the trusted entity. Second, the credentials of the user must be verified as the credentials of a trusted user authorized to access the resource, and in some instances exchange information with their trusted entity. Hence, the credentials generally include an indication of the user's trusted entity (e.g. their bank, their access provider, their company, etc.), and a personal identifier, such as a user ID. In this context, several problems arise, related to both volume and security. For example, the indication of the user's trusted entity is generally provided to the resource in the clear (i.e. not encrypted) via a swipe card, a wireless tag or a data entry event, which may allow a malicious user to acquire this data unbeknownst to the user and further compile a list of these indications. These indications may be used in attacks on the network through which trusted entities communicate. Further, the remote verification and authorization of the user can create excess traffic on a network.
Against this background, it is clear that there is a need for improved access control techniques in interactions with a resource based on data supplied by a local user.